Summary: Detailed analysis of the Treasury’s proposal to require Credit Rating Agencies to register with the SEC and implement enhanced compliance organizations, practices and disclosures. Includes analysis of the actions the SEC is directed to take to implement the proposal. A briefer entry is available here.
Last week the Department of the Treasury proposed legislation to strengthen regulatory oversight of national credit rating agencies, one of the groups that has been pointed to as contributing to the current financial crisis. The proposal would amend Section 15E of the 34 Act to require agencies to (1) register with the SEC as “nationally recognized statistical rating organizations” (NRSROs), (2) create internal compliance organizations under a CCO, (3) implement written policies, procedures and codes of ethics, (4) include increased risk-related disclosures in ratings reports, and (5) file annual regulatory reports, including compliance certifications. The proposal also requires the SEC to create an office dedicated to overseeing NRSROs and to adopt rules to change industry business practices thought to compromise the efficacy of the rating practice, as well as to detail the rules required to implement the Act.
This legislation builds upon the Credit Rating Agency Reform Act of 2006 and its associated regulations, which provided for optional registration and were themselves extensions of earlier Commission efforts to increase the reliability of the ratings process through a series of no action letters. The approach taken in the proposal to improve the conduct of the NRSROs mirrors regulatory provisions adopted over the past several years to tighten the governance and compliance environments in regulated broker/dealers, investment advisers and investment companies, including the development of written policies and procedures, the adoption of codes of ethics, the designation of Chief Compliance Officers, and the institution of systems of internal controls. The specific concerns targeted in the proposal also reflect the increased focus that governance experts, like Professor Coffee at Columbia, have placed on dealing with conflicts of interest between the “gatekeepers” like the auditors and rating agencies and their clients, as the basis for structuring statutory and regulatory requirements.
On August 5th Professor Coffee testified before the Senate Committee on Banking, Housing and Urban Affairs concerning this proposal. In his opening statement, a clip from which is included at left, Professor Coffee points to two shortfalls in the Treasury proposal relative to legislation proposed in April by Senator Reed, which he believes would make the measure ineffective in remedying the problems it targets. First, the proposal fails to address the lack of due diligence reviews by the agencies of the inputs used in their models. Second, rating agencies don’t face the same risks of potential legal liability that motivate most other gatekeepers to adopt rigorous measures to verify the accuracy of their work products.
Concern with the reliability of credit ratings has been voiced by a number of firms and organizations in the investment industry, especially by those managing money market funds which are required to apply NRSRO ratings when selecting certain investments. In April representatives from some of the leading investment firms, the industry groups, the NRSROs, and academia participated in an SEC roundtable on this issue. While much of the discussion called either for a more dramatic restructuring of the industry at one extreme, or for much less change than the proposal includes at the other, depending mostly on the affiliation of the participant, there was clear agreement that change is required because the markets have lost confidence in the ratings being issued. In his statement, Richard Baker (the President and CEO of the Managed Funds Association) noted the concerns of the alternative investment industry, described the agencies as playing a fiduciary role, and called for regulators to require increased disclosure, greater transparency, and some form of accountability.
NRSRO Requirements
The Act directs the SEC to promulgate rules specifying how NRSROs are to manage conflicts that arise from business relationships, affiliations or board overlaps with the issuers they rate, from any affiliations among their staff and the issuers or underwriters of rated securities, and from any other sources of conflict they identify. Based on these rules, each NRSRO will be required to establish and enforce compliant written policies and procedures, reasonably tailored to their activities to identify, address and disclose conflicts of interest involving the agency or its staff, and to strengthen their governance procedures for managing such conflicts as may arise.
In line with recent critical commentary from investors, the Act attempts to deal with the inherent conflict created because issuers pay for their ratings. The Act specifically directs the Commission to promulgate rules specifying how NRSROs are to deal with conflicts related to the compensation model. It also calls upon the SEC to devise changes in the industry’s payment and incentive practices to ensure that NRSROs maintain accurate and reliable ratings following an issuance, and it provides for censures and penalties if they do not.
To protect the independence of the rating process, the Act prohibits NRSROs and their affiliates from performing rating services for an issuer for whom they have performed other services, such as risk management advisory or consulting services, in return for separate compensation.
Again addressing potential conflicts, if an employee leaves an NRSRO and takes a position with the underwriter or issuer of a security they helped to rate during the preceding year, the NRSRO is required to perform a look-back review and, if necessary, revise the rating on such security.
The legislation’s approach to achieving NRSRO compliance builds on the current regulatory philosophy of fostering a strong corporate compliance environment to internalize oversight. In a formulation reminiscent of the 38a-1, 206(4)-7 and 3010/3012/3013 requirements applicable to investment companies, advisers and broker/dealers, respectively, the SEC is directed to verify that the NRSRO “established and documented a system of internal controls, due diligence and implementation of methodologies” and is in fact adhering to the system.
We’ve characterized this model as being an outsourcing of portions of the regulatory oversight function from the SEC to the regulated firms, but in a 2008 issue of the Harvard International Law Journal John Walsh (Chief Counsel of the OCIE at the SEC) used the better term Institution-Based Regulation. By showing how thoroughly the regulatory community has accepted this model, this proposal emphasizes the intent of the SEC to push for the imposition of the Institution-Based model in other sectors of financial services, as it would be enabled to do with hedge funds if the Private Fund Investment Advisers Act is passed. It also presages how forcefully the SEC would apply the model afterward.
Again in parallel with the earlier regulations that applied the model, each NRSRO will be required to designate a Chief Compliance Officer (CCO) to administer the required compliance framework, overseeing compliance with (1) the policies and procedures that deal with conflicts, (2) the procedures, methodologies, models and controls that apply to the rating processes, and (3) all applicable securities laws. The Act requires applying a risk-based approach in which the CCO’s selection and depth of review takes into account the risk that potential non-compliance in an activity could compromise the integrity of the ratings assigned. To help identify potential compliance issues, the CCO will be responsible for establishing and overseeing procedures to collect and deal with customer and confidential employee complaints, and for overseeing efforts to remediate any compliance issues that are identified.
CCOs will be required to prepare and certify annual reports on compliance by their NRSRO, which will be included with the firm’s financial filings with the SEC.
The CCO must be a direct report to the board of the NRSRO and cannot participate in the rating process, the development of ratings models, marketing or sales activities, or in setting compensation for non-compliance staff.
Directives to the SEC
Under the proposed legislation, the SEC will be charged with prescribing rules requiring the board or senior officer to approve the procedures, methodologies, and models used to perform their ratings, requiring that procedures are in place to ensure any changes in the models or procedures are applied uniformly, and that the users of ratings are notified which versions were used to arrive at a given rating and when changes were made in the models or procedures. The rules will also require NRSROs to develop distinct rating symbols for structured v. non-structured securities within two years. The SEC is to develop disclosure forms required to accompany each rating, which are to include information about the methodologies used to produce the rating, any known potential shortcomings in the rating process used, background on the level of certainty of the rating, the nature and relative quality of the data used to arrive at the rating, and any external due diligence reviews performed. Agencies will be specifically required to discuss the potential volatility expected in the rating along with their estimates of the probabilities of loss or default. These extensions of NRSRO disclosure requirements build on the enhanced disclosure required under the rules adopted by the SEC last December.
The Act directs the SEC to conduct reviews no less than annually to verify that each NRSRO has established and documented the required system of internal controls, due diligence, ratings methodologies, and look-back procedures, that it operates in conformance with its documented procedures, and that its public disclosures are consistent with them. The scope of the review is to include every type of credit rating the NRSRO performs and the Commission’s report is to be made public along with the NRSRO’s code of ethics and conflict of interest policy. If it so elects, the Commission is given the authority to delegate these reviews to the PCAOB.
Finally, the SEC is directed to create and staff a new office chartered with administering the regulation of NRSROs, and to develop the detailed rules, forms, and standards needed to implement and enforce this Act.
